With Chrome 80 in February 2020, Chrome will be changing the default “SameSite” cookie behavior to effectively disable 3rd party cookies. We can avoid this by setting SameSite:None on those cookies and setting the secure attribute on the cookie (meaning it will only be usable over HTTPS).
We need to verify if any changes are needed for our Gutenframe flows. See: pb6Nl-daR-p2.
Please test in Chrome Canary for Simple, Atomic and Jetpack sites. This is an investigation task, please open new issues if there's additional work needed, and we'll prioritize in upcoming sprints.
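Added example, not part of the original issue or the project's code: a small JavaScript model of the Chrome 80 default described above, deciding whether a cookie from a given Set-Cookie header would still be sent inside a cross-site iframe. The header values are constructed and the function names are hypothetical; the top-level navigation cases for Lax cookies are not modelled.

```javascript
// Constructed Set-Cookie headers; names and values are illustrative only.
const SAMPLE_HEADERS = [
  'auth=abc123; Path=/; HttpOnly',
  'auth=abc123; Path=/; HttpOnly; SameSite=None',
  'auth=abc123; Path=/; HttpOnly; Secure; SameSite=None',
];

// Pull out only the attributes that matter for the SameSite decision.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq < 0 ? '' : pair.slice(0, eq),
    sameSite: null,
    secure: false,
  };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'secure') cookie.secure = true;
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Would this cookie accompany a request made from a cross-site iframe?
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  // A missing or unrecognised SameSite value falls back to Lax.
  const known = ['strict', 'lax', 'none'].includes(c.sameSite);
  const effective = known ? c.sameSite : 'lax';
  if (effective === 'none' && !c.secure) {
    return { name: c.name, sent: false, reason: 'SameSite=None without Secure is rejected' };
  }
  if (effective === 'none') {
    return { name: c.name, sent: true, reason: 'SameSite=None; Secure' };
  }
  const how = known ? 'explicit' : 'default';
  return { name: c.name, sent: false, reason: `SameSite=${effective} (${how}) is withheld cross-site` };
}

for (const header of SAMPLE_HEADERS) {
  console.log(header, '->', crossSiteVerdict(header));
}
```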
Verified Simple sites still work (both with and without mapped domains), but Atomic and Jetpack sites cannot load Gutenframe. Thankfully, our fallback ends up redirecting to the WP Admin editor, but we should keep existing behavior (load Gutenframe) by setting SameSite:None on the auth cookies.
Opened a separate issue: https://github.com/Automattic/wp-calypso/issues/37558.
Awesome that @glendaviesnz's fallback work remains robust – nice to know we wouldn't fall over anyways.